I'm having some issues with the installation. My final goal is to create a Rekall profile from a pdb file. In particular, I followed the suggestions in DRAKVUF socketmon plugin guide.
I did the following steps:
cd pdbparse
python setup.py build
python setup.py install
pip3 list shows that I've installed: construct (2.9.45), pdbparse (1.1) and pefile (2019.4.18).
Unfortunately, when I run ./symchk.py -e tcpip.sys I get the following errors:
Traceback (most recent call last):
File "./symchk.py", line 217, in <module>
main()
File "./symchk.py", line 200, in main
handle_pe(opts.exe)
File "./symchk.py", line 118, in handle_pe
(guid, filename) = get_rsds(dbgdata)
File "/usr/local/lib/python3.6/dist-packages/pdbparse/peinfo.py", line 91, in get_rsds
filename = ntpath.basename(dbg.Filename.decode('ascii'))
AttributeError: 'str' object has no attribute 'decode'
Trying in different ways, multiple and different problems arose. Installing previous versions of construct (2.5.2) and pefile (2016.3.28) for python 2 everything works fine.
Necroxys77
commented
5 years ago
Hi,
I'm having some issues with the installation. My final goal is to create a Rekall profile from a pdb file. In particular, I followed the suggestions in DRAKVUF socketmon plugin guide.
I did the following steps:
pip3 listshows that I've installed:construct (2.9.45),pdbparse (1.1)andpefile (2019.4.18). Unfortunately, when I run./symchk.py -e tcpip.sysI get the following errors: